Saturday, June 25, 2011

Cisco IOS to ASA (8.4) - Basic IPSec Site-to-Site VPN

R1 - 

crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key ipexpert address 10.1.1.2

crypto ipsec transform-set oscar esp-3des esp-md5-hmac

crypto map shelby 1 ipsec-isakmp
 set peer 10.1.1.2
 set transform-set oscar
 match address 100

access-list 100 permit ip host 2.2.2.2 host 1.1.1.1

interface FastEthernet0/0
 ip address 10.1.1.25 255.255.255.0
 duplex auto
 speed auto
 crypto map shelby

****************************
ASA -

crypto ipsec ikev1 transform-set oscar esp-3des esp-md5-hmac

crypto map shelby 1 match address abby
crypto map shelby 1 set peer 10.1.1.25
crypto map shelby 1 set ikev1 transform-set oscar
crypto map shelby interface outside

crypto ikev1 enable outside
crypto ikev1 policy 1
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400

tunnel-group adrian type ipsec-l2l
tunnel-group 10.1.1.25 type ipsec-l2l
tunnel-group 10.1.1.25 ipsec-attributes
ikev1 pre-shared-key *****

access-list abby extended permit ip host 2.2.2.2 host 1.1.1.1
access-list abby extended permit ip host 1.1.1.1 host 2.2.2.2

Monday, June 20, 2011

Cisco IOS - Basic IPSec Site-to-Site VPN

This is the basic configuration needed to bring up an IPSec tunnel between two IOS routers (this was done on a pair of 2801s).

Please keep in mind that the names used do not have to match on both sides.

R1


crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2

crypto isakmp key c1sco address 10.1.12.2

crypto ipsec transform-set shelby esp-3des esp-md5-hmac

crypto map CMAP 10 ipsec-isakmp
 set peer 10.1.12.2
 set transform-set shelby
 match address 100

interface Serial0/3/0
 ip address 10.1.12.1 255.255.255.0
 clock rate 64000
 crypto map CMAP



interface Loopback0
 ip address 1.1.1.1 255.255.255.255


ip route 2.2.2.0 255.255.255.0 10.1.12.2

access-list 100 permit ip host 1.1.1.1 host 2.2.2.2

r1#ping 2.2.2.2 source lo0

Packet sent with a source address of 1.1.1.1
!!!!!

r1#show crypto session

Crypto session current status

Interface: Serial0/3/0
Session status: UP-ACTIVE
Peer: 10.1.12.2 port 500
  IKE SA: local 10.1.12.1/500 remote 10.1.12.2/500 Active
  IPSEC FLOW: permit ip host 1.1.1.1 host 2.2.2.2
        Active SAs: 2, origin: crypto map

*************

R2

crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2

crypto isakmp key c1sco address 10.1.12.1

crypto ipsec transform-set shelby esp-3des esp-md5-hmac

crypto map CMAP 10 ipsec-isakmp
 set peer 10.1.12.1
 set transform-set shelby
 match address 100

interface Loopback0
 ip address 2.2.2.2 255.255.255.255

interface Serial0/3/0
 ip address 10.1.12.2 255.255.255.0
 crypto map CMAP

ip route 1.1.1.0 255.255.255.0 10.1.12.1

access-list 100 permit ip host 2.2.2.2 host 1.1.1.1
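As an added example (not part of the original post), a small Python checker that reads the two IOS configs above, reports the mismatches that would keep the tunnel down (ISAKMP policy, transform set, pre-shared-key address vs. set peer, and crypto ACLs that are not mirror images), and then flags the 3DES/MD5/DH group 2 choices these lab configs negotiate as weak. The R1 text is the post's config trimmed to the lines the parser reads; the assumption that each router has one ISAKMP policy and one crypto map entry with host-to-host ACL lines is mine.

```python
# Constructed sample: R1 from the post, trimmed to the lines the checker reads;
# R2 differs only in the peer address and the ACL direction, exactly as in the post.
R1 = """\
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key c1sco address 10.1.12.2
crypto ipsec transform-set shelby esp-3des esp-md5-hmac
 set peer 10.1.12.2
 set transform-set shelby
 match address 100
access-list 100 permit ip host 1.1.1.1 host 2.2.2.2
"""
R2 = R1.replace("10.1.12.2", "10.1.12.1").replace(
    "host 1.1.1.1 host 2.2.2.2", "host 2.2.2.2 host 1.1.1.1")
WEAK_POLICY = {"encr": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2"}}
WEAK_ESP = {"esp-des", "esp-3des", "esp-md5-hmac"}

def parse_ios(cfg):
    """Parse one IOS config (one ISAKMP policy and one crypto map entry assumed)."""
    p = {"policy": {}, "tsets": {}, "acls": {}}
    for line in cfg.splitlines():
        t = line.split()
        if t and t[0] in ("encr", "hash", "authentication", "group"):
            p["policy"][t[0]] = t[1]
        elif line.startswith("crypto ipsec transform-set"):
            p["tsets"][t[3]] = set(t[4:])
        elif line.startswith("crypto isakmp key"):
            p["key_addr"] = t[t.index("address") + 1]
        elif t and t[0] in ("set", "match"):  # -> p["peer"], p["transform-set"], p["address"]
            p[t[1]] = t[2]
        elif line.startswith("access-list") and "permit" in t:  # "host A host B" lines as (src, dst)
            p["acls"].setdefault(t[1], []).append(tuple(t[t.index("host") + 1::2]))
    return p

def check_pair(a, b):
    """Mismatches that keep the tunnel down, then weak algorithms the pair would negotiate."""
    ta, tb = a["tsets"][a["transform-set"]], b["tsets"][b["transform-set"]]
    mirror = sorted((d, s) for s, d in b["acls"][b["address"]])  # b's ACL seen from a's side
    checks = [
        (a["policy"] != b["policy"], "IKE policy mismatch: %s vs %s" % (a["policy"], b["policy"])),
        (ta != tb, "transform-set mismatch: %s vs %s" % (sorted(ta), sorted(tb))),
        (a["key_addr"] != a["peer"], "A: isakmp key address differs from set peer"),
        (b["key_addr"] != b["peer"], "B: isakmp key address differs from set peer"),
        (sorted(a["acls"][a["address"]]) != mirror, "crypto ACLs are not mirror images"),
    ] + [(a["policy"].get(k) in bad, "weak IKE %s %s" % (k, a["policy"].get(k)))
         for k, bad in WEAK_POLICY.items()]  # b's policy is identical unless reported above
    checks += [(True, "weak IPsec transform %s" % alg) for alg in sorted(ta & WEAK_ESP)]
    return [msg for hit, msg in checks if hit]
```

Run against R1 and R2 it reports no mismatches, only the five weak-algorithm findings; feed it a side with a different hash or a non-mirrored ACL and the blocking mismatch is listed first.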